<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
  <title>create (SessionsController)</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <link rel="stylesheet" href="../.././rdoc-style.css" type="text/css" media="screen" />
</head>
<body class="standalone-code">
  <pre><span class="ruby-comment cmt"># File sessions_controller.rb, line 10</span>
  <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">create</span>
    <span class="ruby-identifier">logout_keeping_session!</span>
    <span class="ruby-identifier">user</span> = <span class="ruby-constant">User</span>.<span class="ruby-identifier">authenticate</span>(<span class="ruby-identifier">params</span>[<span class="ruby-identifier">:login</span>], <span class="ruby-identifier">params</span>[<span class="ruby-identifier">:password</span>])
    <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">user</span>
      <span class="ruby-comment cmt"># Protects against session fixation attacks, causes request forgery</span>
      <span class="ruby-comment cmt"># protection if user resubmits an earlier form using back</span>
      <span class="ruby-comment cmt"># button. Uncomment if you understand the tradeoffs.</span>
      <span class="ruby-comment cmt"># reset_session</span>
      <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> = <span class="ruby-identifier">user</span>
      <span class="ruby-identifier">new_cookie_flag</span> = (<span class="ruby-identifier">params</span>[<span class="ruby-identifier">:remember_me</span>] <span class="ruby-operator">==</span> <span class="ruby-value str">&quot;1&quot;</span>)
      <span class="ruby-identifier">handle_remember_cookie!</span> <span class="ruby-identifier">new_cookie_flag</span>
      <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">:controller</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">&quot;users&quot;</span>, <span class="ruby-identifier">:action</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">&quot;home&quot;</span>, <span class="ruby-identifier">:id</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">current_user</span>.<span class="ruby-identifier">id</span>
      <span class="ruby-identifier">flash</span>[<span class="ruby-identifier">:notice</span>] = <span class="ruby-value str">&quot;Logged in successfully&quot;</span>
    <span class="ruby-keyword kw">else</span>
      <span class="ruby-identifier">note_failed_signin</span>
      <span class="ruby-ivar">@login</span>       = <span class="ruby-identifier">params</span>[<span class="ruby-identifier">:login</span>]
      <span class="ruby-ivar">@remember_me</span> = <span class="ruby-identifier">params</span>[<span class="ruby-identifier">:remember_me</span>]
      <span class="ruby-identifier">render</span> <span class="ruby-identifier">:action</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">'new'</span>
    <span class="ruby-keyword kw">end</span>
  <span class="ruby-keyword kw">end</span></pre>
</body>
</html>